#Privacy: Nebraska Medicine suffers data breach

An audit on the electronic health records system discovered that an employee was accessing patient records without authorisation. Between July 11 and October 1, 2019 – an employee had gained access to patients’ medical records outside of the employee’s job role and apparently with no particular reason. Compromised information included names, dates of birth, addresses, […]

#Privacy: Sprint contractor exposes over 250K mobile phone bills

Marketing company Deardorff Communications has exposed 261,300 mobile phone bills due to an unprotected cloud server online. The server contained hundreds of thousands of phone bills of AT&T, T-Mobile and Verizon subscribers. The bills contained names, addresses, phone numbers and call histories of subscribers.  In some cases, extremely sensitive documents such as bank statements and […]

#Privacy: TikTok found secretly transferring user data to China

According to a lawsuit file by a college student TikTok has been secretly transferring user data to China without gaining consent.  The class-action lawsuit filed in California, accuses TikTok of secretly harvesting large amounts of personally identifiable user data and sending it to China.  In addition, the lawsuit accuses TikTok and its parent company ByteDance, […]

#Privacy: Sentara Hospitals to pay $2.175M fine over HIPAA violation

An American health services provider, Sentara Hospitals, has agreed to pay a fine of $2.175 million to settle HIPAA violations. In April 2017, the Department of Health and Human Services (HHS) received a complaint regarding Sentara Hospitals, whereby the complainant had received a bill from Sentara which contained the protected health information (PHI) of another […]

#Privacy: SAP apologies after personal data of gun owners exposed

The personal data of almost 38,000 gun owners has been leaked to dealerships, subsequently forcing the German software giant SAP to apologise. Shortly after the Christchurch shootings earlier this year, a government gun buyback scheme was introduced, which SAP is supporting. The scheme allows owners to return their firearms to dealerships and police stations having […]

#Privacy: TfL enforces mandatory password reset for its Oyster and contactless accounts

Transport for London (TfL) has locked all Oyster and contactless accounts following a data breach incident which took place earlier this year. In August, a credential stuffing attack resulted in threat actors targeting 1,200 Oyster card account holders and taking control of them for a brief moment. Subsequently, TfL locked all Oyster and contactless accounts […]

PrivSec London to kick off data privacy and cybersecurity debate in 2020

Building on the huge success of conferences in Manchester, Dublin, London and New York through 2019, Data Protection World Forum gets 2020 underway with two days of industry-leading debate at PrivSec London.  Coming to the UK capital’s QEII Exhibition Centre on February 4th and 5th 2020, PrivSec London welcomes another packed programme of keynote talks, debates and much […]

#Privacy: New malware campaign found targeting hotel guest data

At least 20 hotels have fallen victim to a new malware campaign impacting hotel guest data in 12 countries.  The malware campaign, named RevengeHotels, has been targeting hotels, hostels, hospitality and tourism companies since 2015.  Researchers at Kaspersky, have noted that the campaign has since expanded, targeting more than 20 hotels in Brazil, Argentina, Bolivia, […]

#Privacy: Smartwatch exposes kids location and personal data

Researchers have warned that a children’s smartwatch has been leaking users’ personal and GPS data, exposing them to multiple threats. Created by the Chinese manufacturer, Shenzhen Smart Care Technology (SMA) Ltd., the SMA M2 smartwatch helps parents track their kids’ location, make phone calls, send messages and even send them notifications when their child leaves […]

#Privacy: Adobe announces Magento Marketplace data breach

Adobe has disclosed a data breach incident that exposed the account information of Magento Marketplace users.  According to Adobe, an unauthorised third-party had exploited an undisclosed vulnerability within the marketplace website. This ultimately allowed them to gain unauthorised access to a database containing information on the marketplace’s registered users.  The exposed information included names, email […]